TheCommunicator

asked on

Audit Failure event in security logs of Domain controller

Hi,

I am checking some security event logs on the domain controller and what I am seeing is a lot of Audit failure logs. The surprising thing is that these audit failure events are coming from the only computers on the network which are on the same network BUT NOT ON THE DOMAIN. I am not sure if it is a particular type of bot or virus attack.

Any suggestions?
ASKER CERTIFIED SOLUTION
Adam Brown

This solution is only available to members.

TheCommunicator

ASKER

It says Login failed. It looks like somebody from these machines is trying to actually log in to the domain controller. I am not sure whether this is for real or something else is being masked as a login failure.

I am attaching the snapshot.

Audit-Failure.png
SOLUTION
This solution is only available to members.

Any persistent mappings from those systems using domain creds?

Oh yes, actually these computers browse to some of the folders on these servers.
SOLUTION
This solution is only available to members.

Can you please explain? Stored passwords which are out of date?
SOLUTION
This solution is only available to members.

Well, I checked. They do not use any credential manager facility.
SOLUTION
This solution is only available to members.

It is Logon type 3.